__/ [ nessuno@xxxxxxxxxxxxxxxxxxx ] on Saturday 29 April 2006 01:37 \__
> "Infosec Anti-virus firms at Infosec say they expect Vista and IE7 to
> change nothing for the industry. Microsoft used its presence at the
> show to laud the security features they've been busy building in the
> the upcoming software.
It's easy to flaunt security when a product is not yet released. It has been
noted several times before that Vista will have little effect on security.
60% of its messy code still needs to be rewritten in order to be properly
tested. Many vulnerabilities that are discovered in Windows XP and Internet
Explorer 6 affect their successors as well. Since Vista has not hit the
shelves yet, at times you will not even be told about this. The
vulnerabilities can be fixed (swept under the cappet) without anyone's
> "In particular, Microsoft was eager to talk about how Vista will
> finally jettison the need to run Windows as an administrator most of
> the time.
> "Eugene Kaspersky, founder of the eponymous Russian AV outfit said he
> expects the new privilege regime to have little effect. He said: "Of
> course they [virus writers] will find a way round it. Within a year
> there will be something like a rootkit for Vista."
> "John Kay, Chief Technical Officer at Blackspider reckons on a "bug per
> line of code". With the traditionally Heath-Robinsonian construction of
> MS browsers he's not hopeful for IE7. He said: "I dread to think how
> many lines of code there are in there."
Gist: Windows Vista bugs =~ 36,000,000
> "Of the overall security outlook, Kay added: 'My wife and kids are
> going to continue to be subjected to all the threats out there [with
> the switch to Vista]. If you think about it, that's just crap.'
> "Nobody suggested it's all Microsoft's fault though. Its status as
> target number one and AV firms keeness to trumpet their wares over
> others', releasing details of the heuristics, puts the power in the
> hands of spammers and their virus-writing chums.
> "In a way, it's all mutually beneficial for security firms and
> Microsoft of course. Nobody, not even the acolytes at Redmond, can be
> expecting Infosec 2007 to be a ghost town.®"
With OneCare, the upcoming security service/package from Microsoft, there
will be a subtle financial incentive for bugs and vulnerabilities. I suppose
there will be little or no change to the state of spam and DDoS attacks,
which affect the entire Net, as opposed to just Windows users.
Roy S. Schestowitz | "Turn up the jukebox and tell me a lie"
http://Schestowitz.com | SuSE Linux ¦ PGP-Key: 0x74572E8E
4:45am up 1 day 11:50, 13 users, load average: 0.27, 0.41, 0.54
http://iuron.com - help build a non-profit search engine